1.†††††††† The purpose
of this report is to update the Committee on risk and assurance actions and
activities to maintain and improve Councilís internal control framework and to
present the Strategic Risk Profile.

Recommendations

That the Committee:

(i)†††††††† notes
the information in this report; and

(ii)††††††† notes
the Strategic Risk Profile 2016 as approved by the Strategic Leadership Team,
attached as Appendix 1 to the report.

Background

2.†††††††† The Risk
and Assurance Manager provides an update twice a year on the actions taken to
maintain and improve Councilís assurance and risk management framework. The
preceding Risk and Assurance Update was presented to the Finance and Audit
Committee meeting held on 13 July 2016.

Discussion

Strategic Risk Profile

3.†††††††† Strategic
risks are those that affect the achievement of Councilís strategies, strategic
objectives, key goals and strategic execution.

4.†††††††† This
profile considers each key strategy and provides a high level snapshot of
strategic risk context, plans and treatment actions.

5.†††††††† Attached as
Appendix 1 to the report is the annual Strategic Risk Profile for 2016 for
Council as approved by the Strategic Leadership Team (SLT) and Risk Management
Working Group.

6.†††††††† The risk
profile now includes a risk status update key to show movements in risk status
or risk ranking from the previous profile. The risk status update provides an
indication of a decrease, no change or increase in the risk ranking, which is
derived from a combination of consequence and likelihood assessments for the
risk based on the risk ranking matrix.

7.†††††††† Leisure and Wellbeing
strategic risk rating has decreased (improved) in light of strategic community
facilities projects being completed and positive progress of community
programmes and initiatives that enhance the lives of our communities.

8.†††††††† Organisation strategic risk
rating has increased as we have a greater awareness of health and safety
exposures and plans are in place to address identified areas that require
attention and improvement.

9.†††††††† Natural Hazards strategy
rating remains HIGH. Following the Kaikoura earthquakes on 14 November
2016, a number of actions are underway to address our susceptibility to,
resilience and preparedness for natural hazards. Also refer to the Risk
Management Working Group activities below for details.

10.†††††† The annual
Strategic Risk Profile was last presented to the Finance and Audit Committee on
23 November 2015.

Internal Audit

11.†††††† The payroll
internal audit report was issued on 21 October 2016. The overall objective of
this review was to determine the adequacy and effectives of controls and
systems in place to manage their operations, and to identify any improvement
opportunities. Audit work aimed to avoid gaps and overlaps with other sources
of assurance.

12.†††††† Payroll
internal audit opinion on management control is that it is effective. The
control framework is appropriate and effective. Controls are appropriately
designed and executed as intended. Overall processes are controlled. The
following two low rated findings were raised:

i.††††††† Monitoring of patterns for casual and temporary staff; and

ii.†††††† Document and test service continuity plan.

13.†††††† The Internal
Audit Plan 2016-2018 was approved by SLT on 5 December 2016. Planning for the
first two reviews is underway for i) high level review of the official
information requests process and ii) Community Funding and Grants internal
audit.

14.†††††† Monitoring
processes are in place to track and follow up findings raised in internal
audits to ensure corrective actions are cleared as the resolution date falls
due.

15.†††††† Monthly
reporting continues to assess compliance with legislative and regulatory
requirements. To date for the 2016/2017 year there has been one significant
breach in relation to a response to an official information request response
not meeting the statutory timeframe.

Risk Management Working Group

16.†††††† The Risk Management Working
Group (RMWG) has met twice since the 13 July 2016 update provided to the
Finance and Audit Committee.

17.†††††† Last
month a workplace security assessment for the Laings Road administration
building reception area was undertaken by the Health and Safety Manager and
Health and Safety Consultant. The assessment was based on the guidelines in the
judgement from the prosecution of the Ministry of Social Development by
WorkSafe New Zealand following the shootings in the Ashburton Work and Income
Office in September 2014. WorkSafe have also issued guidelines to manage risk
in customer service areas, a fact sheet on best practice in developing plans,
so far as is reasonably practicable, to ensure the health and safety of workers,
and ensure that others are not put at risk.

19.†††††† A
total of 24 council sites having had workplace security assessments since
October 2014. Progress updates on remedial actions are
provided directly to SLT.

20.†††††† Security of the Pavilion
server room has been strengthened and is considered adequate with the
installation of security cameras in addition to the changing of access locks
and a PIN.

21.†††††† In October 2016 the RMWG
reviewed and updated the key service priorities for council services. This
forms part of the service continuity framework and prioritises the
areas/services for recovery following a disruption event. Priority rankings
have been communicated to Divisional Managers.

22.†††††† An emergency power test at
the Laings Road administration building is scheduled for 3 March 2017. The
planned test will ensure minor issues have been cleared from the two unexpected
power outages since staff moved back into the refurbished building.

23.†††††† The Chief
Financial Officer took up the role of Crisis Manager in September 2016. A
Crisis scenario is being investigated and may form part of the emergency power
testing in March 2017.

24.†††††† Coordinated
Incident Management System (CIMS) training continues to take place
approximately six weekly and is run by Wellington Regional Emergency Management
Office (WREMO) staff.

25.†††††† The
Divisional Manager, Regulatory Services and the Regional Manager/Group
Controller of WREMO will provide a separate briefing on the WREMO 12 month
update to the Community Services Committee to be held on 2 March 2017.

26.†††††† All sites
have emergency evacuation plans in place and drills are held regularly.

27.†††††† Staff Receiving of Gifts
policy was reviewed by the RMWG (no significant changes) and SLT approved the
updated policy on 5 December 2016.

28.†††††† The risk management system
has been reviewed. The document, previously approved by Council, is being
finalised by SLT.

29.†††††† Responsibilities
and supporting processes of the risk management framework are reinforced
regularly. Processes are in place for escalation outside of the regular
reporting channels on any emerging operational risks or issues. Managersí
reported on operational risk in January 2017.

Other
Considerations

30.†††††† In making
this recommendation, the Risk and Assurance Manager has considered the purpose
of local government in section 10 of the Local Government Act 2002. The Risk
and Assurance Manager believes that this recommendation falls within the
purpose of the local government in that it provides the Finance and Performance
Committee with information to support their governance role. It does this in a
way that is cost-effective because it provides assurance on the effective and
efficient management of risks within Council.